- From: Mike West <mike@mikewest.org>
- Date: Thu, 4 Dec 2025 14:59:23 +0100
- To: Simone Onofri <simone@w3.org>
- Cc: Mike West <mkwst@google.com>, Web Application Security Working Group <public-webappsec@w3.org>, Dan Veditz <dveditz@mozilla.com>
- Message-ID: <CAJToGzN=czVEeSB=44SvLQ=ETiT5+z3J3SHDTt-ktpWUrRBOng@mail.gmail.com>
On Thu, Dec 4, 2025 at 12:28 PM Simone Onofri <simone@w3.org> wrote: > - As per the charter, we should use Software and Document License > Corrected this in https://github.com/mikewest/webappsec-templates/commit/3904723dbae0a4742b73f286c7e7f1bead5a1be1, thanks! > - It can be important to add other success criteria listed in the chatert > (e.g., security, privacy, accessibility, internationalization, etc.), > following the design principles from the TAG It's not clear to me to what extent those criteria would apply to individual contributions to the specifications, which is the core of what I'm interested in hammering out with these templates. If there are pieces we should be sure to include, though, I'd certainly appreciate specific suggestions as pull requests to the repo. :) > Can we invite him to the next call for further details? > Certainly, though I'd like not to wait until then to put new templates in place if we don't have to. Perhaps we could discuss further details either here on this thread or as part of https://github.com/w3c/webappsec/issues/688? -mike > > Thanks, > > Simone > > > > On 4 Dec 2025, at 09:17, Mike West <mkwst@google.com> wrote: > > > > Hey folks! > > > > I'm pinging this thread for visibility after the US holidays. In the > absence of objections or substantive feedback, I plan to push the templates > sketched in https://github.com/mikewest/webappsec-templates/tree/main to > WebAppSec's repositories on Monday. I'd appreciate y'all weighing in, > either positively or negatively, on > https://github.com/w3c/webappsec/issues/688. :) > > > > Thanks! > > > > -mike > > > > > > On Thu, Nov 27, 2025 at 11:50 AM Mike West <mkwst@google.com> wrote: > > After some more discussion at TPAC, I think we landed on general > agreement in the room that it would be reasonable to formalize requirements > for specifications we think have moved beyond incubation into a more > "living" model, and also that leaning heavily on WHATWG's well-proven > templates was probably a good idea. > > To that end, I put > https://github.com/mikewest/webappsec-templates/tree/main together as a > demonstration of a proposal for us to add to specs' repositories. It does > ~3 things: > > • Creates a template for pull requests that asks for signals from > browser engines, web platform tests, bugs to be filed against implementers, > and a bug to be filed against MDN. > > • Creates two issue templates: one for "issues", another for > "features". This division seems quite helpful for WHATWG specs, and I think > it's reasonable to push our specs in the same direction. > > • Additions to our CONTRIBUTING.md that make those requirements > clear. > > Based on our experience with Subresource Integrity, I'd suggest that we > merge these templates into most* of our specs. > > WDYT? https://github.com/w3c/webappsec/issues/688 would be a fantastic > place to weigh in. > > *DBSC is the only one that seems to me to still be in enough flux that > it might benefit from a lower bar, but I'd ask that specification's editors > to weigh in on that). > > -mike > > >
Received on Thursday, 4 December 2025 13:59:55 UTC